USDT, the Tether Hack, and Implications for Exchanges

2017.11.31

Jeffrey Chen

Last week, Tether announced that its system had been hacked and nearly $31 million worth of its tokens (USDT) was stolen by an external attacker.① Following the news, the price of bitcoin dropped 6% before recovering. Tether reached out to exchanges and wallets warning them not to accept tokens sent from the attacker's address, and quietly hard-forked its software to freeze the stolen tokens.

While Tether was able to recover from the attack with no loss of customer funds, the incident prompted negative criticism within the cryptocurrency community and renewed scrutiny, including one high- profile article in the New York Times, of the relationship between Tether and Bitfinex, the largest exchange by USD trading volume.

The incident proved to be minor, but negative sentiment towards the companies, at least among some users, is persistent and likely long-term. Criticism on social media may be exaggerated but it reflects the real concern that a catastrophic market event could expose USDT illiquidity. In that event, exchanges and other Tether integrators would be the first to suffer the consequences.

Tether (USDT) is a cryptocurrency that is tied--"tethered"--to the US dollar. Since it is pegged to the dollar at a 1:1 ratio, Tether is a popular choice for many business that want to transact in digital currency without exposure to the price volatility of Bitcoin or other cryptocurrencies. Tether's CEO promotes it as the "crypto- dollar," which "will lead to better price discovery, market transparency and liquidity."②

Tether shares other cryptocurrencies' feature of borderless transactions. It's main advantage, though, is that it provides access to what is basically a USD-denominated asset without the need to deal with banks. This means that it is a popular choice for cryptocurrency-only exchanges and their users who want to spot trade crypto-USD pairs but lack the banking credentials. This is convenient since globally, market data is typically published in USD terms. Moreover, it provides insulation from the volatility and uncertainty of crypto-crypto pairs such as BTC/ETH, ETP/BTC, etc.

At the same time, there are major concerns about lack of transparency and liquidity surrounding Tether, and its partner exchange Bitfinex. Both are headed by CEO Jan Ludovicus van der Velde, who claims that “the financial position of the company has never been stronger.”③

Bitfinex is officially incorporated in the British Virgin Islands. It has been hacked twice, most recently in August 2016 for 120k bitcoin ($72 million at the time). It was fined by the U.S. CFTC for "offering illegal off- exchanged financed commodity transactions,"④and denied access to US banks; earlier this year it lost its Taiwan banking partner as well. Despite these setbacks, and the community backlash against the company

Bitfinex consistently ranks highest on 24 hour trade volume, both overall and for BTC/USD, according to CoinMarketCap, with a 24-hour total.of $3.8 billion USD at the time of writing.⑤

Critics argue, not without merit, that Bitfinex has not been transparent about the details of the August 2016 hack, although it appears to have since taken measures to increase the platform's security. But most controversial is Tether and the relationship between the exchange and the USDT token: online rumors (apparently originating with one outspoken critic on Medium⑥) are widely circulated suggesting the Bitfinex "prints" Tether and that neither Tether nor Bitfinex are backed by real USD.

In September, the companies released accounting statements intending to prove that their operations are financed by 'real money'. Critics discount these statements because the bank names have been redacted.

Since the Tether hack, social media criticism has mounted as another $10 million ($20 million by some accounts) of USDT was issued. Further criticism has come from industry experts, analysts, and developers who disagree with the Tether team's centralized, unilateral response to the hack. Their service suspension and behind-closed-doors hard fork was done without consensus and without consultation. While unilateral action is in many cases the best option in emergency situations, it goes against the principles of many who are dedicated to avoiding the kind of heavy-handed, centralized decision-making typically associated with the traditional financial system.

On November 26, Bitfinex was the target of a DDoS attack.

Analysis

The Tether hack was not a fatal blow. The value of stolen USDT tokens was small compared to the overall cryptocurrency market cap as it stands today, and Tether's response resulted in quick recovery.

Nevertheless, the fact that bitcoin price dropped 6% reveals the oversized impact that Tether (and Bitfinex) have on the market. This suggests that their products have high utility value.

It is also an indicator of how wary cryptocurrency investors are of any potential issue with Tether/Bitfinex solvency. By comparison, the Parity multisig wallet incident earlier this month froze over $150 million worth of ETH without causing any meaningful fluctuation in ETH price.

The considerable negative sentiment towards Tether/Bitfinex for their alleged unscrupulous business practices may prove to be unfounded, but the reputational costs are significant. In the event of an incident such as this one, it can lead to DDoS attacks, loss of trading volume, fake news,⑦ and, more seriously, negative publicity in mainstream media outlets such as NYT. This is an undesirable outcome.

For exchanges and other business that have issues with access to traditional banking, Tether is one solution. But it is one that may be increasingly frowned upon by regulators, and it comes with high risks: Tether is centralized, and should they prove to be untrustworthy, it could be catastrophic for services that rely on their "crypto-dollar." In the event of a traditional "run on the bank" scenario for the cryptocurrency market, Tether and its integrators could be one of the first group of business in the space to collapse.